Security Testing Libraries - Page 1

A list of useful payloads and bypass for Web Application Security and Pentest/CTF

Python 48439Updated: 2 y ago License: Permissive (MIT)

Automatic SQL injection and database takeover tool

Python 27305Updated: 2 y ago License: Proprietary (Proprietary)

This repository is primarily maintained by Omar Santos (@santosomar) and includes thousands of resources related to ethical hacking / penetration testing, digital forensics and incident response (DFIR), vulnerability research, exploit development, reverse engineering, and more.

Jupyter Notebook 13889Updated: 2 y ago License: Permissive (MIT)

Fast and customizable vulnerability scanner based on simple YAML based DSL.

Go 13322Updated: 2 y ago License: Permissive (MIT)

PowerSploit - A PowerShell Post-Exploitation Framework

PowerShell 10648Updated: 2 y ago License: Proprietary (Proprietary)

🤖 The Modern Port Scanner 🤖

Rust 10160Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Agent-less vulnerability scanner for Linux, FreeBSD, Container, WordPress, Programming language libraries, Network devices

Go 10049Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Information gathering framework for phone numbers

Go 9879Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Web path scanner

Python 9792Updated: 2 y ago License: No License (No License)

Fast web fuzzer written in Go

Go 9469Updated: 2 y ago License: Permissive (MIT)

E-mails, subdomains and names Harvester - OSINT

Python 8676Updated: 2 y ago License: No License (No License)

一款完善的安全评估工具，支持常见 web 安全问题扫描和自定义 poc | 使用之前务必先阅读文档

JavaScript 8531Updated: 2 y ago License: Proprietary (Proprietary)

GTFOBins is a curated list of Unix binaries that can be used to bypass local security restrictions in misconfigured systems

HTML 8470Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

The Browser Exploitation Framework Project

JavaScript 8466Updated: 2 y ago License: No License (No License)

Fast subdomains enumeration tool for penetration testers

Python 8345Updated: 2 y ago License: Strong Copyleft (GPL-2.0)

Six Degrees of Domain Admin

PowerShell 8338Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

An open-source post-exploitation framework for students, researchers and developers.

Python 8323Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Credentials recovery project

Python 8235Updated: 2 y ago License: Weak Copyleft (LGPL-3.0)

Directory/File, DNS and VHost busting tool written in Go

Go 7747Updated: 2 y ago License: Permissive (Apache-2.0)

Fast passive subdomain enumeration tool.

Go 7741Updated: 2 y ago License: Permissive (MIT)

hydra

C 7722Updated: 2 y ago License: Strong Copyleft (AGPL-3.0)

Damn Vulnerable Web Application (DVWA)

PHP 7692Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Standalone man-in-the-middle attack framework used for phishing login credentials along with session cookies, allowing for the bypass of 2-factor authentication

Go 7634Updated: 2 y ago License: Permissive (BSD-3-Clause)

WPScan WordPress security scanner. Written for security professionals and blog maintainers to test the security of their WordPress websites. Contact us via contact@wpscan.com

Ruby 7607Updated: 2 y ago License: Proprietary (Proprietary)

Nishang - Offensive PowerShell for red team, penetration testing and offensive security.

PowerShell 7572Updated: 2 y ago License: Proprietary (Proprietary)

Dictionary of attack patterns and primitives for black-box application fault injection and resource discovery.

PHP 7455Updated: 2 y ago License: No License (No License)

A list of public penetration test reports published by several consulting firms and academic security groups.

CSS 7336Updated: 2 y ago License: No License (No License)

Empire is a PowerShell and Python post-exploitation agent.

PowerShell 6970Updated: 2 y ago License: Permissive (BSD-3-Clause)

External Attack Surface Management Platform

Shell 6531Updated: 2 y ago License: Proprietary (Proprietary)

OneForAll是一款功能强大的子域收集工具

Python 6493Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Infection Monkey - An open-source adversary emulation platform

Python 6193Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

Exploits locked/password protected computers over USB, drops persistent WebSocket-based backdoor, exposes internal router, and siphons cookies using Raspberry Pi Zero & Node.js.

JavaScript 5967Updated: 2 y ago License: No License (No License)

Adversary Emulation Framework

Go 5909Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

reNgine is an automated reconnaissance framework for web applications with a focus on highly configurable streamlined recon process via Engines, recon data correlation and organization, continuous monitoring, backed by a database, and simple yet intuitive User Interface. reNgine makes it easy for penetration testers to gather reconnaissance with minimal configuration and with the help of reNgine's correlation, it just makes recon effortless.

JavaScript 5567Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

渗透测试有关的POC、EXP、脚本、提权、小工具等---About penetration-testing python-script poc getshell csrf xss cms php-getshell domainmod-xss csrf-webshell cobub-razor cve rce sql sql-poc poc-exp bypass oa-getshell cve-cms

PowerShell 5384Updated: 2 y ago License: Permissive (Apache-2.0)

A curated list of awesome search engines useful during Penetration testing, Vulnerability assessments, Red/Blue Team operations, Bug Bounty and more

Shell 5330Updated: 2 y ago License: Permissive (MIT)

httpx is a fast and multi-purpose HTTP toolkit that allows running multiple probes using the retryablehttp library.

Go 5265Updated: 2 y ago License: Permissive (MIT)

Web application fuzzer

Python 5079Updated: 2 y ago License: Strong Copyleft (GPL-2.0)

Gather and update all available and newest CVEs with their PoC.

HTML 5032Updated: 2 y ago License: Permissive (MIT)

An Information Security Reference That Doesn't Suck; https://rmusser.net/git/admin-2/Infosec_Reference for non-MS Git hosted version.

CSS 5005Updated: 2 y ago License: Permissive (MIT)

The Penetration Testers Framework (PTF) is a way for modular support for up-to-date tools.

Python 4697Updated: 2 y ago License: No License (No License)

The all-in-one Red Team extension for Web Pentester 🛠

TypeScript 4691Updated: 2 y ago License: No License (No License)

Complete Mandiant Offensive VM (Commando VM), a fully customizable Windows-based pentesting virtual machine distribution. commandovm@fireeye.com

PowerShell 4666Updated: 4 y ago License: Permissive (Apache-2.0)

Next generation web scanner

Ruby 4514Updated: 2 y ago License: Strong Copyleft (GPL-2.0)

A Workflow Engine for Offensive Security

Go 4495Updated: 2 y ago License: Permissive (MIT)

暂停维护 | ffffffff0x 团队维护的安全知识框架,内容包括不仅限于 web安全、工控安全、取证、应急、蓝队设施部署、后渗透、Linux安全、各类靶机writup

C++ 4415Updated: 2 y ago License: No License (No License)

reconFTW is a tool designed to perform automated recon on a target domain by running the best set of tools to perform scanning and finding out vulnerabilities

HTML 4334Updated: 2 y ago License: Strong Copyleft (GPL-3.0)

This repo is archived. Thanks for wooyun! 乌云公开漏洞、知识库爬虫和搜索 crawl and search for wooyun.org public bug(vulnerability) and drops

PHP 4308Updated: 2 y ago License: No License (No License)

w3af: web application attack and audit framework, the open source web vulnerability scanner.

Python 4245Updated: 2 y ago License: No License (No License)

EyeWitness is designed to take screenshots of websites, provide some server header info, and identify default credentials if possible.

Python 4222Updated: 2 y ago License: Strong Copyleft (GPL-3.0)